Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/T1zT-h1IvmMJ4QM4MdYuh1TlGlo.roa
File: T1zT-h1IvmMJ4QM4MdYuh1TlGlo.roa (raw, json)
Hash identifier: sOVy7LKPFN/P0SMZTaZ9fdvzGx0knlR763p2ZT0drOM=
Subject key identifier: 4F:5C:D3:FA:1D:48:BE:63:09:E1:03:38:31:D6:2E:87:54:E5:1A:5A
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 019D3F33E1D0A739A76BEAC4457D6DBD1E18
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/T1zT-h1IvmMJ4QM4MdYuh1TlGlo.roa
Signing time: Mon 30 Mar 2026 14:44:17 +0000
ROA not before: Mon 30 Mar 2026 14:44:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213220
IP address blocks: 95.182.108.0/24 maxlen: 24
95.182.110.0/24 maxlen: 24
109.248.6.0/23 maxlen: 24
109.248.33.0/24 maxlen: 24
109.248.45.0/24 maxlen: 24
109.248.168.0/24 maxlen: 24
109.248.169.0/24 maxlen: 24
188.130.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 08:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3f:33:e1:d0:a7:39:a7:6b:ea:c4:45:7d:6d:bd:1e:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Mar 30 14:44:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4f5cd3fa1d48be6309e1033831d62e8754e51a5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:0c:a4:d2:4a:80:42:4d:92:d9:b0:cd:d4:e5:
d3:05:54:fc:20:e4:8d:01:f2:b7:24:b6:bd:6c:fe:
ae:dc:38:72:3f:0a:55:3c:30:b4:30:80:b5:d9:ec:
0c:dd:a2:4d:61:15:aa:3f:41:5a:b8:f1:86:d3:d6:
ec:ef:37:c0:0e:39:37:9c:df:ed:d2:f9:17:5a:9b:
3f:bd:26:ac:c8:c3:1e:2f:46:17:eb:14:3c:ed:0b:
da:d7:9a:0b:6a:5e:77:92:2f:c0:66:b8:b4:fd:62:
db:d7:10:8f:8f:f3:ea:79:c2:2d:6b:bc:2d:27:a5:
88:2a:1d:90:1b:0a:0e:25:d2:a0:fc:14:1c:3c:f9:
12:6c:e0:73:d7:1b:2d:70:26:56:31:ae:f5:95:6c:
87:55:b3:35:ac:e2:64:2e:ff:5a:73:53:6a:72:f5:
98:07:b9:02:d3:3e:94:21:42:f6:fa:57:e8:2d:5a:
a5:26:42:39:e9:1c:ae:d1:74:93:7d:27:0e:d7:d2:
de:89:28:d0:c2:1e:ff:f5:44:5a:8d:89:57:e4:cb:
8a:76:1c:3a:71:a8:f6:36:74:b6:0b:09:17:75:68:
49:59:e2:7d:8c:cf:2a:ee:9b:75:86:12:59:98:1b:
d0:5e:bb:35:93:a8:00:5e:56:31:fd:7e:fd:fa:35:
3a:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:5C:D3:FA:1D:48:BE:63:09:E1:03:38:31:D6:2E:87:54:E5:1A:5A
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/T1zT-h1IvmMJ4QM4MdYuh1TlGlo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.182.108.0/24
95.182.110.0/24
109.248.6.0/23
109.248.33.0/24
109.248.45.0/24
109.248.168.0/23
188.130.209.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:36:a1:c8:9d:4c:17:0d:50:72:1c:43:14:f7:5d:37:be:14:
d0:c2:93:4a:58:48:57:00:fa:d1:0c:0c:fe:65:fb:6c:6f:12:
d9:2a:90:0c:f9:fa:c7:a6:02:17:d6:fe:1f:38:bd:10:bb:5c:
27:1e:6d:a0:af:0f:6e:4f:ad:ff:7f:17:48:1f:31:bb:7b:ae:
d2:3e:55:60:40:d6:7c:d8:b3:30:20:e6:f5:fc:d5:66:dc:09:
85:e9:14:08:b1:07:ca:d9:8b:4a:a5:d6:41:af:93:b8:d3:22:
6f:de:9e:54:21:2b:78:46:dd:a2:88:bc:c9:6c:c3:00:b4:b0:
44:fc:42:9c:cb:e8:8d:2a:f8:e3:60:0e:57:3a:79:22:f0:50:
3b:bb:9e:75:7a:bd:78:e1:f4:ae:1e:80:f8:3a:ad:46:5e:4c:
d3:7b:d0:5b:a0:e9:58:1f:06:98:13:c8:97:5f:2b:08:44:09:
aa:59:ed:9f:13:54:d2:dd:05:99:77:48:12:da:5a:e9:2d:33:
98:19:37:fe:bc:94:1b:1f:07:dc:f5:18:89:f2:86:49:04:c8:
15:14:ae:e1:c6:30:97:88:bb:2a:67:fb:57:29:db:44:d1:56:
55:4b:33:92:79:71:f1:06:9b:33:8b:3d:57:23:ca:f8:dd:21:
8f:3d:a8:22
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ0/M+HQpzmna+rERX1tvR4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMzMwMTQ0NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjVjZDNmYTFkNDhiZTYzMDllMTAzMzgzMWQ2MmU4NzU0ZTUxYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gyk0kqAQk2S2bDN1OXTBVT8IOSN
AfK3JLa9bP6u3DhyPwpVPDC0MIC12ewM3aJNYRWqP0FauPGG09bs7zfADjk3nN/t
0vkXWps/vSasyMMeL0YX6xQ87Qva15oLal53ki/AZri0/WLb1xCPj/PqecIta7wt
J6WIKh2QGwoOJdKg/BQcPPkSbOBz1xstcCZWMa71lWyHVbM1rOJkLv9ac1NqcvWY
B7kC0z6UIUL2+lfoLVqlJkI56Ryu0XSTfScO19LeiSjQwh7/9URajYlX5MuKdhw6
caj2NnS2CwkXdWhJWeJ9jM8q7pt1hhJZmBvQXrs1k6gAXlYx/X79+jU6cQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFE9c0/odSL5jCeEDODHWLodU5RpaMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvVDF6VC1oMUl2bU1KNFFNNE1kWXVoMVRsR2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAX7ZsAwQA
X7ZuAwQBbfgGAwQAbfghAwQAbfgtAwQBbfioAwQAvILRMA0GCSqGSIb3DQEBCwUA
A4IBAQBuNqHInUwXDVByHEMU9103vhTQwpNKWEhXAPrRDAz+ZftsbxLZKpAM+frH
pgIX1v4fOL0Qu1wnHm2grw9uT63/fxdIHzG7e67SPlVgQNZ82LMwIOb1/NVm3AmF
6RQIsQfK2YtKpdZBr5O40yJv3p5UISt4Rt2iiLzJbMMAtLBE/EKcy+iNKvjjYA5X
Onki8FA7u551er144fSuHoD4Oq1GXkzTe9BboOlYHwaYE8iXXysIRAmqWe2fE1TS
3QWZd0gS2lrpLTOYGTf+vJQbHwfc9RiJ8oZJBMgVFK7hxjCXiLsqZ/tXKdtE0VZV
SzOSeXHxBpsziz1XI8r43SGPPagi
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:42:50 2026 by rpki-client